dependabot-cargo 0.258.0 → 0.259.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f574254dc30cded50cbacf3c567318d9420c3697663bf4b7755c0efe3bd7be8d
|
4
|
+
data.tar.gz: 11e7d101a66a74feef633458f7f166bc52710123123b9c14e8d1a37159f793b2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 623435a9303a427346727fd956806425f47ad30bd875b99c1deb5b31eac564673299d69227259ee37ee32816b7617bd97d51b1835d339f81325c5368818d4f19
|
7
|
+
data.tar.gz: c3c2f43eaadb3809cdf9535b0ba0f1b708d984f0610ffd3d1d10bad4fb298cefea1adca42b8ab90810108ca453e4eb77ce1a6b92556f269943e7f80d7cc4cecc
|
@@ -17,7 +17,7 @@ module Dependabot
|
|
17
17
|
# (We must add these environment variables here, or 'cargo update' will not think it is
|
18
18
|
# configured properly for the private registries.)
|
19
19
|
|
20
|
-
token_env_var = "CARGO_REGISTRIES_#{cred['
|
20
|
+
token_env_var = "CARGO_REGISTRIES_#{cred['registry'].upcase.tr('-', '_')}_TOKEN"
|
21
21
|
|
22
22
|
token = "placeholder_token"
|
23
23
|
if cred["token"].nil?
|
@@ -48,26 +48,40 @@ module Dependabot
|
|
48
48
|
|
49
49
|
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
50
50
|
index = (info && info[:index]) || CRATES_IO_API
|
51
|
+
hdrs = build_headers(index, info)
|
51
52
|
|
52
|
-
|
53
|
+
url = metadata_fetch_url(dependency, index)
|
54
|
+
response = fetch_metadata(url, hdrs)
|
55
|
+
|
56
|
+
@crates_listing = parse_response(response, index)
|
57
|
+
end
|
58
|
+
|
59
|
+
def build_headers(index, info)
|
53
60
|
hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
|
61
|
+
return hdrs if index == CRATES_IO_API
|
54
62
|
|
55
|
-
|
56
|
-
|
57
|
-
credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
|
58
|
-
hdrs["Authorization"] = "Token #{cred['token']}"
|
59
|
-
end
|
63
|
+
credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
|
64
|
+
hdrs["Authorization"] = "Token #{cred['token']}"
|
60
65
|
end
|
61
66
|
|
62
|
-
|
67
|
+
hdrs
|
68
|
+
end
|
63
69
|
|
64
|
-
|
70
|
+
def fetch_metadata(url, headers)
|
71
|
+
Excon.get(
|
65
72
|
url,
|
66
73
|
idempotent: true,
|
67
|
-
**SharedHelpers.excon_defaults(headers:
|
74
|
+
**SharedHelpers.excon_defaults(headers: headers)
|
68
75
|
)
|
76
|
+
end
|
69
77
|
|
70
|
-
|
78
|
+
def parse_response(response, index)
|
79
|
+
if index.start_with?("sparse+")
|
80
|
+
parsed_response = response.body.lines.map { |line| JSON.parse(line) }
|
81
|
+
{ "versions" => parsed_response }
|
82
|
+
else
|
83
|
+
JSON.parse(response.body)
|
84
|
+
end
|
71
85
|
end
|
72
86
|
|
73
87
|
def metadata_fetch_url(dependency, index)
|
@@ -97,46 +97,33 @@ module Dependabot
|
|
97
97
|
crates_listing
|
98
98
|
.fetch("versions", [])
|
99
99
|
.reject { |v| v["yanked"] }
|
100
|
-
|
100
|
+
# Handle both default and sparse registry responses.
|
101
|
+
# Default registry uses "num" for version number.
|
102
|
+
# Sparse registry uses "vers" for version number.
|
103
|
+
.map do |v|
|
104
|
+
version_number = v["num"] || v["vers"]
|
105
|
+
version_class.new(version_number)
|
106
|
+
end
|
101
107
|
end
|
102
108
|
|
103
109
|
def crates_listing
|
104
110
|
return @crates_listing unless @crates_listing.nil?
|
105
111
|
|
106
|
-
info =
|
107
|
-
index = (info
|
108
|
-
|
109
|
-
# Default request headers
|
110
|
-
hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
|
111
|
-
|
112
|
-
if index != CRATES_IO_API
|
113
|
-
# Add authentication headers if credentials are present for this registry
|
114
|
-
registry_creds = credentials.find do |cred|
|
115
|
-
cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
|
116
|
-
end
|
117
|
-
|
118
|
-
unless registry_creds.nil?
|
119
|
-
# If there is a credential, but no actual token at this point, it means that dependabot-cli
|
120
|
-
# stripped the token from our credentials. In this case, the dependabot proxy will reintroduce
|
121
|
-
# the correct token, so we just use 'placeholder_token' as the token value.
|
122
|
-
token = registry_creds["token"] || "placeholder_token"
|
112
|
+
info = fetch_dependency_info
|
113
|
+
index = fetch_index(info)
|
123
114
|
|
124
|
-
|
125
|
-
|
126
|
-
end
|
115
|
+
hdrs = default_headers
|
116
|
+
hdrs.merge!(auth_headers(info)) if index != CRATES_IO_API
|
127
117
|
|
128
118
|
url = metadata_fetch_url(dependency, index)
|
129
119
|
|
130
120
|
# B4PR
|
131
121
|
puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
|
132
122
|
|
133
|
-
response =
|
134
|
-
|
135
|
-
idempotent: true,
|
136
|
-
**SharedHelpers.excon_defaults(headers: hdrs)
|
137
|
-
)
|
123
|
+
response = fetch_response(url, hdrs)
|
124
|
+
return {} if response.status == 404
|
138
125
|
|
139
|
-
@crates_listing =
|
126
|
+
@crates_listing = parse_response(response, index)
|
140
127
|
|
141
128
|
# B4PR
|
142
129
|
puts "Fetched metadata for #{dependency.name} from #{index} successfully"
|
@@ -145,6 +132,46 @@ module Dependabot
|
|
145
132
|
@crates_listing
|
146
133
|
end
|
147
134
|
|
135
|
+
def fetch_dependency_info
|
136
|
+
dependency.requirements.filter_map { |r| r[:source] }.first
|
137
|
+
end
|
138
|
+
|
139
|
+
def fetch_index(info)
|
140
|
+
(info && info[:index]) || CRATES_IO_API
|
141
|
+
end
|
142
|
+
|
143
|
+
def default_headers
|
144
|
+
{ "User-Agent" => "Dependabot (dependabot.com)" }
|
145
|
+
end
|
146
|
+
|
147
|
+
def auth_headers(info)
|
148
|
+
registry_creds = credentials.find do |cred|
|
149
|
+
cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
|
150
|
+
end
|
151
|
+
|
152
|
+
return {} if registry_creds.nil?
|
153
|
+
|
154
|
+
token = registry_creds["token"] || "placeholder_token"
|
155
|
+
{ "Authorization" => token }
|
156
|
+
end
|
157
|
+
|
158
|
+
def fetch_response(url, headers)
|
159
|
+
Excon.get(
|
160
|
+
url,
|
161
|
+
idempotent: true,
|
162
|
+
**SharedHelpers.excon_defaults(headers: headers)
|
163
|
+
)
|
164
|
+
end
|
165
|
+
|
166
|
+
def parse_response(response, index)
|
167
|
+
if index.start_with?("sparse+")
|
168
|
+
parsed_response = response.body.lines.map { |line| JSON.parse(line) }
|
169
|
+
{ "versions" => parsed_response }
|
170
|
+
else
|
171
|
+
JSON.parse(response.body)
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
148
175
|
def metadata_fetch_url(dependency, index)
|
149
176
|
return "#{index}/#{dependency.name}" if index == CRATES_IO_API
|
150
177
|
|
@@ -141,7 +141,11 @@ module Dependabot
|
|
141
141
|
raise UnfixableRequirement if req.start_with?(">")
|
142
142
|
|
143
143
|
req.sub(VERSION_REGEX) do |old_version|
|
144
|
-
|
144
|
+
if req.start_with?("<=")
|
145
|
+
target_version
|
146
|
+
else
|
147
|
+
update_greatest_version(old_version, target_version)
|
148
|
+
end
|
145
149
|
end
|
146
150
|
end.join(", ")
|
147
151
|
rescue UnfixableRequirement
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.259.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-05-
|
11
|
+
date: 2024-05-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.259.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.259.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -263,7 +263,7 @@ licenses:
|
|
263
263
|
- MIT
|
264
264
|
metadata:
|
265
265
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
266
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
266
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
|
267
267
|
post_install_message:
|
268
268
|
rdoc_options: []
|
269
269
|
require_paths:
|